Half of malicious emails tied to credential phishing

Malicious emails leave organisations vulnerable to phishing attacks

New research from the cybersecurity firm Cofense has revealed that 10 per cent of user-reported emails across key industries are malicious, with over half of them tied to credential phishing.

The firm's new report highlights the top phishing attacks used today and offers solutions for organisations to effectively manage those risks.

According to recent industry reports, email is responsible for delivering a staggering 92 per cent of malware, and by the end of 2017 the average email user received 16 malicious emails per month. Eliminating phishing and email-based threats entirely is impossible, but organisations are still trying to minimise the risk associated with these threats.

Analysing malicious emails

To compile its report, Cofense examined real and simulated threat findings from its internal research teams and across a sampling of its global customer base, with real data from 1,400 customers in 50 countries and 23 major industries including half of the Fortune 100.

In total, the firm analysed more than 135m phishing simulations, 800,000 reported emails and almost 50,000 real phishing campaigns targeting organisations in 23 industries ranging from healthcare and financial services to manufacturing. The report found that so far in 2018, one in ten reported emails were verified as malicious and more than half of those were tied to credential phishing.

Cofense also found that 21 per cent of reported crimeware emails contained malicious attachments. When it came to phishing emails, the term “Invoice” was one of the top phishing subjects and appeared in six of the ten most effective phishing campaigns of this year.

Boosting resiliency

An increase in the reporting rate (21.6 per cent, up from 14 per cent three years ago) played a large role in boosting the overall resiliency rate of users. Companies in the utilities and energy industries built up the most resiliency to phishing over time, but all industries considered critical infrastructure still have plenty of work to do.

“We founded Cofense on the principle that the human element, the users who are targeted, are a critical factor in defending against phishing threats,” said Aaron Higbee, Co-founder and CTO of Cofense.

“We see phishing emails bypass technology controls every day and more and more end-users recognising and reporting these threats that slipped past million-pound defences. The results of our research detailed in the ‘State of Phishing Defense’ show that resiliency is building across key industries thanks to those same people that were once deemed as the weakest links in an organisation. These trends are powerful and reinforce that humans are a key element to a successful security program.”